Date: 12-05-21 18:19
rsyslog + LogAnalyzer
Author: 싼웹호스팅
Views: 54,549
http://blog.redbranch.net/2011/03/04/rsyslog-and-log-analyzer/

These are the steps I took to create a centralised location for system logs. In this scenario multiple servers (earth, venus, mars) send their system logs to a central server (sun 192.168.1.1). I’m not going to cover the configuration of Apache or MySQL except where it applies to Log Analyzer. Most of the servers are running Red Hat / CentOS 5. In this setup I am using 192.168.0.0 as the subnet and topsecret as the password. Change as appropriate. More info here.

Central Server (sun):

On the central server (sun), which will be running Log Analyzer, these steps only need to be taken once. If you only want to add more servers sending their syslogs to sun, skip this section:

yum install httpd php mysql php-mysql mysql-server wget rsyslog rsyslog-mysql

Create the rsyslog database structure in MySQL:

mysql -u root -p < /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql

Create the MySQL user:

mysql -u root -p mysql
mysql> GRANT ALL ON Syslog.* TO rsyslog@localhost IDENTIFIED BY 'topsecret';
mysql> flush privileges;
mysql> exit

Edit the rsyslog config file:

vi /etc/rsyslog.conf

Add the following at the top:

$AllowedSender UDP, 127.0.0.1, 192.168.0.0/16
$AllowedSender TCP, 127.0.0.1, 192.168.0.0/16

#UDP log
$ModLoad imudp
$UDPServerRun 514
#TCP log
$ModLoad imtcp
$InputTCPServerRun 514

$ModLoad ommysql
*.info :ommysql:127.0.0.1,Syslog,rsyslog,topsecret

Amend the rsyslog startup options:

vi /etc/sysconfig/rsyslog

Set the options as follows:

SYSLOGD_OPTIONS="-r -t154 -m 0"

Now disable the standard syslog and enable rsyslog:

chkconfig syslog off
service syslog stop
chkconfig rsyslog on
service rsyslog start

Install Log Analyzer:

cd /tmp
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.0.7.tar.gz
tar xzf loganalyzer-3.0.7.tar.gz
mv loganalyzer-3.0.7/src /var/www/html/loganalyzer
mv loganalyzer-3.0.7/contrib/* /var/www/html/loganalyzer
cd /var/www/html/loganalyzer
chmod u+x configure.sh secure.sh
./configure.sh

Now browse the website e.g. http://sun/loganalyzer
Follow the installer adding your MySQL credentials when requested.

Amend the firewall on the central (sun) server to allow other servers:

vi /etc/sysconfig/iptables

Add:

-A RH-Firewall-1-INPUT -p udp -m udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 514 -j ACCEPT

Restart iptables:

service iptables restart

Remote Servers:

Configure the other servers (mars, venus, earth) to send their syslogs to the central server (sun).

Install rsyslog:

yum install rsyslog

Edit the config:

vi /etc/rsyslog.conf

Add:

*.info @192.168.1.1:514

I add this on line number 2 below $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

Set rsyslog as the default syslogger:

/sbin/chkconfig syslog off
/sbin/chkconfig rsyslog on
service syslog stop
service rsyslog start

Using *.info could collect a lot of messages, so customise as necessary. For example, changing to *.crit will collect fewer messages of higher importance.
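An added example, not part of the original post: a small audit that reads the legacy-format directives used in both the central-server and remote-server sections and reports the settings worth reviewing before this goes live (how wide each $AllowedSender range is, the database password stored in rsyslog.conf, forwarding with a single @, which rsyslog sends over UDP, and listeners with no sender filter). The function name audit_rsyslog and the 256-address threshold are assumptions made for illustration, and the sample config is constructed from the directives above.

```python
import ipaddress
import re

# Constructed sample: the server and client directives shown on this page.
SAMPLE_CONF = """\
$AllowedSender UDP, 127.0.0.1, 192.168.0.0/16
$AllowedSender TCP, 127.0.0.1, 192.168.0.0/16
$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
$ModLoad ommysql
*.info :ommysql:127.0.0.1,Syslog,rsyslog,topsecret
*.info @192.168.1.1:514
"""

def audit_rsyslog(conf, max_hosts=256):
    """Return (line_no, finding) pairs for legacy-format rsyslog directives."""
    findings, allowed, listeners = [], set(), {}
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"\$AllowedSender\s+(UDP|TCP)\s*,\s*(.+)", line, re.I)
        if m:
            proto = m.group(1).upper()
            allowed.add(proto)
            for entry in m.group(2).split(","):
                try:
                    net = ipaddress.ip_network(entry.strip(), strict=False)
                except ValueError:
                    continue                  # hostname entries are not sized
                if net.num_addresses > max_hosts:
                    findings.append((no, f"{proto} sender range {net} is broad"))
        elif m := re.match(r"\$(UDPServerRun|InputTCPServerRun)\s+\d+", line, re.I):
            listeners["UDP" if m.group(1).upper().startswith("UDP") else "TCP"] = no
        elif m := re.search(r":ommysql:[^,]+,[^,]+,([^,]+),\S+", line):
            # The password itself is deliberately never echoed into the report.
            findings.append((no, f"plaintext DB password for user {m.group(1)}"))
        elif (m := re.search(r"\s(@{1,2})([\w.\-]+)(?::\d+)?$", line)) and m.group(1) == "@":
            findings.append((no, f"forwarding to {m.group(2)} over UDP"))
    for proto, no in listeners.items():       # listener with no sender filter
        if proto not in allowed:
            findings.append((no, f"{proto} listener has no $AllowedSender rule"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_rsyslog(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```

Because the ommysql action line carries the database password, /etc/rsyslog.conf should be readable by root only on the central server.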



 
 
